Chat now with support
Chat with Support

Identity Manager 8.1.5 - Business Roles Administration Guide

Managing business roles
One Identity Manager users for business roles Hierarchical role structure basic principles Basic principles for assigning company resources Basics of calculating inheritance Preparing business roles for company resource assignments Basic data for structuring business roles Editing business roles Assigning employees, devices, and workdesks to business roles Assigning business roles to company resources Analyzing role memberships and employee assignments Setting up IT operating data Additional tasks for managing business roles Reports about business roles
Role mining in One Identity Manager

General master data for a business role

Enter the following master data for a business role.

Table 11: General master data for a business role

Property

Description

Business role

Business role name.

Short name

Short name for the business role.

Internal name

Additional identifier for the business role.

Role class

Role class to which the business role is assigned. The value is preset with the role classes selected in the navigation view. If a new business role is added, you can assign any role class to it.

Parent business role

Parent of business role in the hierarchy.

To organize business roles hierarchically, select the parent business role in the menu. Only the business roles that belong to the same role class can be selected. Leave this field empty if the business role is at the top level of the business role hierarchy.

Role type

Select a role type from the menu.

To create a new role type, click . Enter a name and description for the role type.

Role approver

Application role whose members approve IT Shop requests for members of this business role.

To create a new application role, click . Enter the application role name and assign a parent application role.

Role approver (IT)

Application role whose members approve IT Shop requests for members of this business role.

To create a new application role, click . Enter the application role name and assign a parent application role.

Manager

Manager responsible for the business role.

2nd Manager

Deputy business role manager.

Attestors

Applications role whose members are authorized to approve attestation cases for this business role.

To create a new application role, click . Enter the application role name and assign a parent application role.

NOTE: This property is available if the Attestation Module is installed.

Department

Department to which the business role is primary assigned.

Location

Location to which the business role is primary assigned.

Cost center

Cost center to which the business role is primary assigned.

Description

Text field for additional explanation.

Comment

Text field for additional explanation.

Remarks

Text field for additional explanation.

Certification status

Business role certification status. You can select the following certification statuses:

  • New - The business role has been added to the One Identity Manager database.
  • Certified - The business role's master data has been granted approval by a manager.
  • Denied - The business role's master data has been denied approval by a manager.
Import data source Target system or data source, from which the data set was imported.

Block inheritance

Specifies whether inheritance for this business role can be discontinued. Set this option to discontinue inheritance within the business role hierarchy.

X500 nodes

Select this option to label a cost center for exporting to an X500 schema.

Employees do not inherit

Specifies whether employee inheritance should be temporarily prevented for this business role.

Devices do not inherit

Specifies whether device inheritance should be temporarily prevented for this business role.

Workdesks do not inherit

Specifies whether workdesk inheritance should be temporarily prevented for this business role.

Dynamic roles not allowed Specifies whether a dynamic role can be created for the business role.
Related topics

Business role address data

Enter the following master data for contacting the business role.

Table 12: Business role address data
Property Description

Address

Business role mail address

Street

Street or road.

Building

Building

Zip code

Zip code.

City

City.

Country

Country. You require this to determine the employee’s language and working hours. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

State

State. You require this to determine the employee’s language and working hours. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

Phone

Business role telephone number.

Quick dial

Telephone short entry (without code).

Room

Room.

Comment (room)

Text field for additional explanation.

Functional area and risk assessment

Here, you can enter values to classify the business roles, which analyze the risk of a business role with respect to identity audit.

Table 13: Master data of a business role's functional area
Property Description

Functional area

Department functional area This data is required for department's risk assessment. For more information, see Functional areas.

Risk index (calculated)

A risk index is calculated for the department risk assessment based on assigned company resources. The field is only visible if the “QER | CalculateRiskIndex” configuration parameter is set. For detailed information, see the One Identity Manager Risk Assessment Administration Guide.

Transparency index

Specifies how well you can trace department assignments. Use the slider to enter a value between 0 and 1.

0 ... no transparency

1 ... full transparency

Max. number of rule violations

Specify how many rule violations are permitted for this department. The value can be evaluated when compliance rules are checked.

NOTE: This property is only available if the Compliance Rules Module is installed.
Turnover for this unit Business roles turnover.
Earnings for this unit Business roles earnings.

User-defined master data for a business role

Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating